Promoting a replica is only necessary if you installed with a selfsign CA and want to issue certs from that machine. With selfsign you really should pick one machine as the CA and stick with it; otherwise you'll end up issuing different certs with duplicate serial numbers, and sooner or later that will catch up with you. Promotion is documented in case that single point of failure, well, fails.

Once a replica is installed, it is a full IPA server. This means the UI, XML-RPC interface, KDC, LDAP backend, the works. The only optional components are the DNS and CA (dogtag).



